MediaWiki  master
ApiQueryTokens.php
Go to the documentation of this file.
1 <?php
26 use MediaWiki\Api\ApiHookRunner;
27 use MediaWiki\MediaWikiServices;
28 use MediaWiki\User\User;
29 use Wikimedia\ParamValidator\ParamValidator;
30 
37 class ApiQueryTokens extends ApiQueryBase {
38 
39  public function execute() {
40  $params = $this->extractRequestParams();
41 
42  if ( $this->lacksSameOriginSecurity() ) {
43  $this->addWarning( [ 'apiwarn-tokens-origin' ] );
44  return;
45  }
46 
47  $user = $this->getUser();
48  $session = $this->getRequest()->getSession();
49  $salts = self::getTokenTypeSalts();
50 
51  $done = [];
52  $path = [ 'query', $this->getModuleName() ];
53  $this->getResult()->addArrayType( $path, 'assoc' );
54 
55  foreach ( $params['type'] as $type ) {
56  $token = self::getToken( $user, $session, $salts[$type] )->toString();
57  $fit = $this->getResult()->addValue( $path, $type . 'token', $token );
58 
59  if ( !$fit ) {
60  // Abuse type as a query-continue parameter and set it to all unprocessed types
61  $this->setContinueEnumParameter( 'type',
62  array_diff( $params['type'], $done ) );
63  break;
64  }
65  $done[] = $type;
66  }
67  }
68 
77  public static function getTokenTypeSalts() {
78  static $salts = null;
79  if ( !$salts ) {
80  $salts = [
81  'csrf' => '',
82  'watch' => 'watch',
83  'patrol' => 'patrol',
84  'rollback' => 'rollback',
85  'userrights' => 'userrights',
86  'login' => [ '', 'login' ],
87  'createaccount' => [ '', 'createaccount' ],
88  ];
89  $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
90  $hookRunner = new ApiHookRunner( $hookContainer );
91  $hookRunner->onApiQueryTokensRegisterTypes( $salts );
92  ksort( $salts );
93  }
94 
95  return $salts;
96  }
97 
110  public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
111  if ( is_array( $salt ) ) {
112  $session->persist();
113  return $session->getToken( ...$salt );
114  } else {
115  return $user->getEditTokenObject( $salt, $session->getRequest() );
116  }
117  }
118 
119  public function getAllowedParams() {
120  return [
121  'type' => [
122  ParamValidator::PARAM_DEFAULT => 'csrf',
123  ParamValidator::PARAM_ISMULTI => true,
124  ParamValidator::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
125  ParamValidator::PARAM_ALL => true,
126  ],
127  ];
128  }
129 
130  protected function getExamplesMessages() {
131  return [
132  'action=query&meta=tokens'
133  => 'apihelp-query+tokens-example-simple',
134  'action=query&meta=tokens&type=watch|patrol'
135  => 'apihelp-query+tokens-example-types',
136  ];
137  }
138 
139  public function isReadMode() {
140  // So login tokens can be fetched on private wikis
141  return false;
142  }
143 
144  public function getHelpUrls() {
145  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
146  }
147 }
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:668
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:808
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1434
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:529
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:595
ApiQueryBase
This is a base class for all Query modules.
Definition: ApiQueryBase.php:41
ApiQueryBase\setContinueEnumParameter
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.
Definition: ApiQueryBase.php:501
ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition: ApiQueryTokens.php:37
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:77
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:110
ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition: ApiQueryTokens.php:144
ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiQueryTokens.php:139
ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiQueryTokens.php:119
ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiQueryTokens.php:130
ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiQueryTokens.php:39
MediaWiki\Api\ApiHookRunner
This class provides an implementation of the hook interfaces used by the core Action API,...
Definition: ApiHookRunner.php:58
MediaWiki\MediaWikiServices
Service locator for MediaWiki core services.
Definition: MediaWikiServices.php:232
MediaWiki\User\User
internal since 1.36
Definition: User.php:98
MediaWiki\User\User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:2962
MediaWiki
The MediaWiki class is the helper class for the index.php entry point.
Definition: MediaWiki.php:50
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition: ParamValidator.php:42